git/t/t4211-line-log.sh
Allan Xavier aaae0bf787 line-log.c: prevent crash during union of too many ranges
The existing implementation of range_set_union does not correctly
reallocate memory, leading to a heap overflow when it attempts to union
more than 24 separate line ranges.

For struct range_set *out to grow correctly it must have out->nr set to
the current size of the buffer when it is passed to range_set_grow.
However, the existing implementation of range_set_union only updates
out->nr at the end of the function, meaning that it is always zero
before this. This results in range_set_grow never growing the buffer, as
well as some of the union logic itself being incorrect as !out->nr is
always true.

The reason why 24 is the limit is that the first allocation of size 1
ends up allocating a buffer of size 24 (due to the call to alloc_nr in
ALLOC_GROW). This goes some way to explain why this hasn't been
caught before.

Fix the problem by correctly updating out->nr after reallocating the
range_set. As this results in out->nr containing the same value as the
variable o, replace o with out->nr as well.

Finally, add a new test to help prevent the problem reoccurring in the
future. Thanks to Vegard Nossum for writing the test.

Signed-off-by: Allan Xavier <allan.x.xavier@oracle.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-03 11:16:20 -08:00

120 lines
3.2 KiB
Bash
Executable File

#!/bin/sh
test_description='test log -L'
. ./test-lib.sh
test_expect_success 'setup (import history)' '
git fast-import < "$TEST_DIRECTORY"/t4211/history.export &&
git reset --hard
'
canned_test_1 () {
test_expect_$1 "$2" "
git log $2 >actual &&
test_cmp \"\$TEST_DIRECTORY\"/t4211/expect.$3 actual
"
}
canned_test () {
canned_test_1 success "$@"
}
canned_test_failure () {
canned_test_1 failure "$@"
}
test_bad_opts () {
test_expect_success "invalid args: $1" "
test_must_fail git log $1 2>errors &&
grep '$2' errors
"
}
canned_test "-L 4,12:a.c simple" simple-f
canned_test "-L 4,+9:a.c simple" simple-f
canned_test "-L '/long f/,/^}/:a.c' simple" simple-f
canned_test "-L :f:a.c simple" simple-f-to-main
canned_test "-L '/main/,/^}/:a.c' simple" simple-main
canned_test "-L :main:a.c simple" simple-main-to-end
canned_test "-L 1,+4:a.c simple" beginning-of-file
canned_test "-L 20:a.c simple" end-of-file
canned_test "-L '/long f/',/^}/:a.c -L /main/,/^}/:a.c simple" two-ranges
canned_test "-L 24,+1:a.c simple" vanishes-early
canned_test "-M -L '/long f/,/^}/:b.c' move-support" move-support-f
canned_test "-M -L ':f:b.c' parallel-change" parallel-change-f-to-main
canned_test "-L 4,12:a.c -L :main:a.c simple" multiple
canned_test "-L 4,18:a.c -L ^:main:a.c simple" multiple-overlapping
canned_test "-L :main:a.c -L 4,18:a.c simple" multiple-overlapping
canned_test "-L 4:a.c -L 8,12:a.c simple" multiple-superset
canned_test "-L 8,12:a.c -L 4:a.c simple" multiple-superset
test_bad_opts "-L" "switch.*requires a value"
test_bad_opts "-L b.c" "argument not .start,end:file"
test_bad_opts "-L 1:" "argument not .start,end:file"
test_bad_opts "-L 1:nonexistent" "There is no path"
test_bad_opts "-L 1:simple" "There is no path"
test_bad_opts "-L '/foo:b.c'" "argument not .start,end:file"
test_bad_opts "-L 1000:b.c" "has only.*lines"
test_bad_opts "-L 1,1000:b.c" "has only.*lines"
test_bad_opts "-L :b.c" "argument not .start,end:file"
test_bad_opts "-L :foo:b.c" "no match"
test_expect_success '-L X (X == nlines)' '
n=$(wc -l <b.c) &&
git log -L $n:b.c
'
test_expect_success '-L X (X == nlines + 1)' '
n=$(expr $(wc -l <b.c) + 1) &&
test_must_fail git log -L $n:b.c
'
test_expect_success '-L X (X == nlines + 2)' '
n=$(expr $(wc -l <b.c) + 2) &&
test_must_fail git log -L $n:b.c
'
test_expect_success '-L ,Y (Y == nlines)' '
n=$(printf "%d" $(wc -l <b.c)) &&
git log -L ,$n:b.c
'
test_expect_success '-L ,Y (Y == nlines + 1)' '
n=$(expr $(wc -l <b.c) + 1) &&
test_must_fail git log -L ,$n:b.c
'
test_expect_success '-L ,Y (Y == nlines + 2)' '
n=$(expr $(wc -l <b.c) + 2) &&
test_must_fail git log -L ,$n:b.c
'
test_expect_success '-L with --first-parent and a merge' '
git checkout parallel-change &&
git log --first-parent -L 1,1:b.c
'
test_expect_success '-L with --output' '
git checkout parallel-change &&
git log --output=log -L :main:b.c >output &&
test ! -s output &&
test_line_count = 70 log
'
test_expect_success 'range_set_union' '
test_seq 500 > c.c &&
git add c.c &&
git commit -m "many lines" &&
test_seq 1000 > c.c &&
git add c.c &&
git commit -m "modify many lines" &&
git log $(for x in $(test_seq 200); do echo -L $((2*x)),+1:c.c; done)
'
test_done